Non-Parametric Probabilistic Robustness: A Conservative Risk Estimator under Unknown Perturbation Distributions
About
Deep learning (DL) models, despite their remarkable success, remain vulnerable to small input perturbations that can cause erroneous outputs, motivating the recent proposal of probabilistic robustness (PR) as a complementary alternative to adversarial robustness (AR). However, existing PR formulations assume a fixed and known perturbation distribution, an unrealistic expectation in practice. To address this limitation, we propose non-parametric probabilistic robustness (NPPR), a more practical PR metric that does not rely on any predefined perturbation distribution. Following the non-parametric paradigm in statistical modeling, NPPR learns an optimized perturbation distribution directly from data, enabling conservative PR evaluation under distributional uncertainty. We further develop an NPPR estimator based on a Gaussian Mixture Model (GMM), covering various input-dependent and input-independent perturbation scenarios. Theoretical analyses establish the relationships among AR, PR, and NPPR. Extensive experiments on CIFAR-10, CIFAR-100, and Tiny ImageNet across ResNet18/50, WideResNet50 and VGG16 validate NPPR as a more practical robustness metric, showing conservative (lower) PR estimates compared to assuming those common perturbation distributions used in state-of-the-arts.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Robustness Estimation Efficiency | CIFAR-10 | Inference Time (s)3.96 | 28 | |
| Robustness Estimation Efficiency | CIFAR-100 | Inference Wall-Clock Time (s)3.98 | 28 | |
| Robustness Estimation Efficiency | TinyImageNet | Inference Time (s)8.36 | 28 | |
| Image Classification | CIFAR-10 | -- | 7 | |
| Image Classification | CIFAR-100 | -- | 7 | |
| Image Classification | TinyImageNet | -- | 7 | |
| Robustness Estimation | CIFAR-10 (test) | Accuracy (4/255)98.67 | 6 | |
| Image Classification | CIFAR10 | -- | 4 | |
| Image Classification | CIFAR100 | -- | 4 | |
| Image Classification | TinyImageNet | -- | 4 |